Username
1d90de95ac
ci: retrigger after runner fix
CI / Fuzz Testing (push) Blocked by required conditions
CI / SBOM Generation (push) Blocked by required conditions
CI / Build & Push Image (push) Blocked by required conditions
CI / Lint & Format (push) Successful in 22s
CI / Security Scan (push) Successful in 20s
CI / Advanced Security Tests (push) Successful in 15s
CI / Memory Leak Check (push) Successful in 19s
CI / Security Tests (push) Successful in 25s
CI / Unit Tests (push) Successful in 33s
CI / Harbor Vulnerability Scan (push) Has been cancelled
2026-01-19 22:24:45 +01:00
Username
adb3d39d71
ci: retrigger build
CI / Fuzz Testing (push) Blocked by required conditions
CI / SBOM Generation (push) Blocked by required conditions
CI / Build & Push Image (push) Blocked by required conditions
CI / Security Scan (push) Successful in 21s
CI / Lint & Format (push) Successful in 23s
CI / Advanced Security Tests (push) Successful in 16s
CI / Memory Leak Check (push) Successful in 20s
CI / Security Tests (push) Successful in 26s
CI / Unit Tests (push) Successful in 34s
CI / Harbor Vulnerability Scan (push) Has been cancelled
2026-01-19 21:56:21 +01:00
Username
5c97d76021
ci: add hypothesis fuzz testing job
CI / Security Scan (push) Successful in 21s
CI / Lint & Format (push) Successful in 23s
CI / Advanced Security Tests (push) Successful in 15s
CI / Memory Leak Check (push) Successful in 19s
CI / Security Tests (push) Successful in 25s
CI / Unit Tests (push) Successful in 34s
CI / Fuzz Testing (push) Successful in 25s
CI / SBOM Generation (push) Successful in 20s
CI / Build & Push Image (push) Failing after 13m42s
CI / Harbor Vulnerability Scan (push) Has been cancelled
2026-01-19 19:54:33 +01:00
Username
a206c9939c
ci: build and push slim image variant
CI / Lint & Format (push) Successful in 23s
CI / Security Scan (push) Successful in 21s
CI / Advanced Security Tests (push) Successful in 16s
CI / Memory Leak Check (push) Successful in 20s
CI / Security Tests (push) Successful in 25s
CI / Unit Tests (push) Successful in 34s
CI / SBOM Generation (push) Successful in 19s
CI / Harbor Vulnerability Scan (push) Has been cancelled
CI / Build & Push Image (push) Has been cancelled
2026-01-19 19:52:57 +01:00
Username
fc7d3df308
add distroless slim container image
2026-01-19 19:52:56 +01:00
Username
756d83e066
api: remove prefix from index response
CI / Lint & Format (push) Successful in 23s
CI / Security Scan (push) Successful in 21s
CI / Advanced Security Tests (push) Successful in 17s
CI / Memory Leak Check (push) Successful in 20s
CI / Security Tests (push) Successful in 25s
CI / Unit Tests (push) Successful in 33s
CI / SBOM Generation (push) Successful in 21s
CI / Build & Push Image (push) Successful in 11s
CI / Harbor Vulnerability Scan (push) Failing after 8s
2026-01-19 19:40:04 +01:00
Username
402df5f535
quadlet: remove /paste prefix for root deployment
2026-01-19 19:38:50 +01:00
Username
af1f53137f
config: serve at paste.mymx.me root instead of /paste prefix
...
CI / Lint & Format (push) Successful in 23s
CI / Security Scan (push) Successful in 21s
CI / Advanced Security Tests (push) Successful in 16s
CI / Memory Leak Check (push) Successful in 20s
CI / Security Tests (push) Successful in 26s
CI / Unit Tests (push) Successful in 34s
CI / SBOM Generation (push) Successful in 21s
CI / Build & Push Image (push) Successful in 13s
CI / Harbor Vulnerability Scan (push) Successful in 13s
Migrate from harbor.mymx.me/paste to dedicated paste.mymx.me host.
2026-01-18 20:27:12 +01:00
Username
48094c0bee
ci: add Harbor vulnerability scan after image push
CI / Lint & Format (push) Successful in 23s
CI / Security Scan (push) Successful in 22s
CI / Memory Leak Check (push) Successful in 21s
CI / SBOM Generation (push) Successful in 20s
CI / Security Tests (push) Successful in 26s
CI / Unit Tests (push) Successful in 33s
CI / Advanced Security Tests (push) Successful in 15s
CI / Build & Push Image (push) Successful in 7s
CI / Harbor Vulnerability Scan (push) Successful in 13s
2026-01-18 17:23:19 +01:00
Username
e0310339ee
docs: update for k3s deployment and harbor.mymx.me
2026-01-18 17:07:49 +01:00
Username
435661ae38
kubernetes: update harbor url and health probe paths
...
CI / Security Scan (push) Successful in 21s
CI / Lint & Format (push) Successful in 23s
CI / Advanced Security Tests (push) Successful in 16s
CI / Memory Leak Check (push) Successful in 20s
CI / Security Tests (push) Successful in 25s
CI / Unit Tests (push) Successful in 33s
CI / SBOM Generation (push) Successful in 21s
CI / Build & Push Image (push) Successful in 8s
- use harbor.mymx.me instead of old internal IP
- fix liveness/readiness probes to use /health endpoint
2026-01-18 16:54:59 +01:00
Username
ee0e1211a6
containerfile: remove vendored jaraco.context dist-info
...
CI / Lint & Format (push) Successful in 23s
CI / Security Scan (push) Successful in 22s
CI / Memory Leak Check (push) Successful in 20s
CI / SBOM Generation (push) Successful in 22s
CI / Security Tests (push) Successful in 26s
CI / Unit Tests (push) Successful in 33s
CI / Advanced Security Tests (push) Successful in 16s
CI / Build & Push Image (push) Successful in 40s
setuptools vendors jaraco.context 5.3.0 internally; Trivy detects
this even with 6.1.0 installed separately. Remove the vendored
dist-info to silence the false positive.
2026-01-18 16:29:41 +01:00
Username
278ad73778
containerfile: fix jaraco.context CVE and consolidate
...
- explicitly install jaraco.context>=6.1.0 in runtime stage
to override vendored copy in setuptools (GHSA-58pv-8j8x-9vj2)
- remove redundant installs from builder (requirements.txt
already pins setuptools>=80.0 and jaraco.context>=6.1.0)
- consolidate runtime pip install into single command
- remove redundant comments
2026-01-18 12:09:53 +01:00
Username
cc1bba9a57
container: upgrade system setuptools to fix jaraco.context CVE
CI / Security Scan (push) Successful in 21s
CI / Lint & Format (push) Successful in 23s
CI / Advanced Security Tests (push) Successful in 16s
CI / Memory Leak Check (push) Successful in 20s
CI / Security Tests (push) Successful in 26s
CI / Unit Tests (push) Successful in 34s
CI / SBOM Generation (push) Successful in 20s
CI / Build & Push Image (push) Successful in 20s
2026-01-18 11:12:17 +01:00
Username
6c0e2ab07f
container: use apt instead of apt-get
CI / Lint & Format (push) Successful in 22s
CI / Security Scan (push) Successful in 20s
CI / Advanced Security Tests (push) Successful in 15s
CI / Memory Leak Check (push) Successful in 20s
CI / Security Tests (push) Successful in 25s
CI / Unit Tests (push) Successful in 33s
CI / SBOM Generation (push) Successful in 20s
CI / Build & Push Image (push) Successful in 33s
2026-01-18 10:46:47 +01:00
Username
ba0e591dda
container: clean apt caches and upgrade setuptools for CVE fix
CI / Lint & Format (push) Successful in 22s
CI / Security Scan (push) Successful in 21s
CI / Advanced Security Tests (push) Successful in 15s
CI / Memory Leak Check (push) Successful in 19s
CI / Security Tests (push) Successful in 25s
CI / Unit Tests (push) Successful in 33s
CI / SBOM Generation (push) Successful in 19s
CI / Build & Push Image (push) Successful in 32s
2026-01-18 10:44:24 +01:00
Username
eb60193348
ci: use Containerfile for image build
CI / Security Scan (push) Successful in 20s
CI / Lint & Format (push) Successful in 22s
CI / Advanced Security Tests (push) Successful in 15s
CI / Memory Leak Check (push) Successful in 19s
CI / Security Tests (push) Successful in 25s
CI / Unit Tests (push) Successful in 33s
CI / SBOM Generation (push) Successful in 20s
CI / Build & Push Image (push) Successful in 36s
2026-01-18 10:30:26 +01:00
Username
80edae3e63
ci: run build-push on host instead of container
CI / Lint & Format (push) Successful in 22s
CI / Security Scan (push) Successful in 20s
CI / Advanced Security Tests (push) Successful in 15s
CI / Memory Leak Check (push) Successful in 19s
CI / Security Tests (push) Successful in 25s
CI / Unit Tests (push) Successful in 33s
CI / SBOM Generation (push) Successful in 19s
CI / Build & Push Image (push) Failing after 45s
2026-01-18 10:26:13 +01:00
Username
195752fe75
ci: fix test file references and hardcoded paths
...
CI / Lint & Format (push) Successful in 22s
CI / Security Scan (push) Successful in 20s
CI / Advanced Security Tests (push) Successful in 15s
CI / Memory Leak Check (push) Successful in 19s
CI / Security Tests (push) Successful in 25s
CI / Unit Tests (push) Successful in 33s
CI / SBOM Generation (push) Successful in 20s
CI / Build & Push Image (push) Failing after 29s
- Remove non-existent test_mime_detection.py from unit tests
- Use relative paths in security tests for container compatibility
2026-01-18 10:23:31 +01:00
Username
3be2fd6cf6
tests: fix mypy type errors in security tests
CI / Lint & Format (push) Successful in 22s
CI / Security Scan (push) Successful in 21s
CI / Unit Tests (push) Failing after 17s
CI / Advanced Security Tests (push) Failing after 14s
CI / Memory Leak Check (push) Successful in 20s
CI / Security Tests (push) Successful in 25s
CI / Build & Push Image (push) Has been skipped
CI / SBOM Generation (push) Successful in 20s
2026-01-18 10:18:09 +01:00
Username
97bf955820
tests: fix ruff lint errors in security tests
CI / Security Scan (push) Successful in 20s
CI / Lint & Format (push) Failing after 22s
CI / Unit Tests (push) Has been skipped
CI / Security Tests (push) Has been skipped
CI / Advanced Security Tests (push) Has been skipped
CI / Memory Leak Check (push) Has been skipped
CI / SBOM Generation (push) Has been skipped
CI / Build & Push Image (push) Has been skipped
2026-01-18 10:04:27 +01:00
Username
661dab4a81
ci: add container image build and push to harbor
CI / Lint & Format (push) Failing after 17s
CI / Unit Tests (push) Has been skipped
CI / Memory Leak Check (push) Has been skipped
CI / SBOM Generation (push) Has been skipped
CI / Security Scan (push) Successful in 20s
CI / Security Tests (push) Has been skipped
CI / Advanced Security Tests (push) Has been skipped
CI / Build & Push Image (push) Has been skipped
2026-01-18 09:57:32 +01:00
Username
9eee14e918
docs: update harbor integration status and remove hardcoded credentials
2026-01-18 09:57:27 +01:00
Username
0fc45587cd
deps: pin transitive dependencies for security fixes
...
- urllib3>=2.6.3 (CVE-2025-43859)
- jaraco.context>=6.1.0 (GHSA-58pv-8j8x-9vj2)
- setuptools>=80.0 (vendored jaraco.context)
reduces High vulnerabilities from 6 to 3
2026-01-18 09:16:08 +01:00
Username
a736bce346
docs: add kubernetes deployment guide
2026-01-17 16:27:56 +01:00
Username
7812af2e47
docs: add harbor registry guide
2026-01-17 16:27:51 +01:00
Username
9b1cddd7f1
kubernetes: use NodePort for external access
...
- change service type from ClusterIP to NodePort (30500)
- enables HAProxy routing from mymx to k8s cluster
2026-01-17 16:27:44 +01:00
Username
f6a69b0b55
add Kubernetes deployment manifest
2026-01-17 13:59:01 +01:00
Username
b9f0283a3b
add Podman Quadlet deployment
...
- flaskpaste.container for rootless systemd integration
- UserNS mapping for bind mount permissions
- README updated with deployment instructions
2026-01-17 13:58:52 +01:00
Username
379178e409
exempt /health from rate limiting
...
CI / Lint & Format (push) Failing after 17s
CI / Unit Tests (push) Has been skipped
CI / Memory Leak Check (push) Has been skipped
CI / SBOM Generation (push) Has been skipped
CI / Security Scan (push) Successful in 19s
CI / Security Tests (push) Has been skipped
CI / Advanced Security Tests (push) Has been skipped
Health check endpoint was being rate-limited (60/hour), causing
container health checks (every 30s = 120/hour) to fail with 429.
Uses flask-limiter's request_filter to bypass rate limiting for
the health endpoint, supporting URL_PREFIX configuration.
2026-01-08 20:12:03 +01:00
Username
6da80aec76
docs: update for simplified MIME detection (v1.5.1)
CI / Lint & Format (push) Failing after 16s
CI / Unit Tests (push) Has been skipped
CI / Memory Leak Check (push) Has been skipped
CI / SBOM Generation (push) Has been skipped
CI / Security Scan (push) Successful in 19s
CI / Security Tests (push) Has been skipped
CI / Advanced Security Tests (push) Has been skipped
2025-12-26 19:52:40 +01:00
Username
a7f1c09634
bump version to 1.5.1
CI / Lint & Format (push) Failing after 16s
CI / Unit Tests (push) Has been skipped
CI / Memory Leak Check (push) Has been skipped
CI / SBOM Generation (push) Has been skipped
CI / Security Scan (push) Successful in 20s
CI / Security Tests (push) Has been skipped
CI / Advanced Security Tests (push) Has been skipped
2025-12-26 19:15:20 +01:00
Username
28e31f0b37
remove obsolete MIME detection tests
CI / Lint & Format (push) Failing after 16s
CI / Unit Tests (push) Has been skipped
CI / Memory Leak Check (push) Has been skipped
CI / SBOM Generation (push) Has been skipped
CI / Security Scan (push) Successful in 19s
CI / Security Tests (push) Has been skipped
CI / Advanced Security Tests (push) Has been skipped
2025-12-26 19:06:35 +01:00
Username
bc751d1b8c
validate MIN_ENTROPY config bounds [0, 8]
CI / Lint & Format (push) Failing after 16s
CI / Unit Tests (push) Has been skipped
CI / Memory Leak Check (push) Has been skipped
CI / SBOM Generation (push) Has been skipped
CI / Security Scan (push) Successful in 20s
CI / Security Tests (push) Has been skipped
CI / Advanced Security Tests (push) Has been skipped
2025-12-26 18:47:06 +01:00
Username
3cda73c8b0
simplify MIME detection to text/binary only
...
Remove magic byte detection in favor of simple UTF-8 validation:
- text/plain for valid UTF-8 content
- application/octet-stream for binary data
Security maintained via headers (X-Content-Type-Options: nosniff, CSP).
Magic signatures preserved as comments for future reference.
Disabled test files:
- test_mime_detection.py.disabled (magic-dependent tests)
- test_polyglot.py.disabled (polyglot format tests)
For full MIME detection, consider using the `filetype` library.
2025-12-26 18:44:24 +01:00
Username
fb45005766
add polyglot generator and MIME confusion tests
...
CI / Lint & Format (push) Failing after 16s
CI / Unit Tests (push) Has been skipped
CI / Memory Leak Check (push) Has been skipped
CI / SBOM Generation (push) Has been skipped
CI / Security Scan (push) Successful in 20s
CI / Security Tests (push) Has been skipped
CI / Advanced Security Tests (push) Has been skipped
- polyglot_generator.py: creates files valid in multiple formats
- 41 new tests verify MIME detection handles polyglots correctly
- Document rate limiting behavior under attack
- Clarify DMG/ISO/DOCX detection limitations
2025-12-26 18:25:46 +01:00
Username
98694ba1cc
docs: add comprehensive threat model
...
CI / Lint & Format (push) Failing after 16s
CI / Unit Tests (push) Has been skipped
CI / Memory Leak Check (push) Has been skipped
CI / SBOM Generation (push) Has been skipped
CI / Security Scan (push) Successful in 20s
CI / Security Tests (push) Has been skipped
CI / Advanced Security Tests (push) Has been skipped
STRIDE analysis covering:
- System architecture and trust boundaries
- Attack surface analysis (10 entry points)
- Threat actors (anonymous, authenticated, operator, sophisticated)
- 20+ threats with mitigations across STRIDE categories
- Security controls matrix
- MIME polyglot attack mitigations
- Cryptographic controls
- Residual risks and known limitations
- Incident response guidance
2025-12-26 17:10:41 +01:00
Username
dc2da67fb3
add Hypothesis property-based MIME detection tests
...
CI / Lint & Format (push) Failing after 16s
CI / Unit Tests (push) Has been skipped
CI / Memory Leak Check (push) Has been skipped
CI / SBOM Generation (push) Has been skipped
CI / Security Scan (push) Successful in 20s
CI / Security Tests (push) Has been skipped
CI / Advanced Security Tests (push) Has been skipped
- test_magic_prefix_detection: verify all signatures with random suffix
- test_random_binary_never_crashes: random data never crashes
- test_partial_magic_no_false_match: truncated magic handled safely
- test_magic_not_at_start_ignored: only detect magic at offset 0
2025-12-26 17:09:02 +01:00
Username
03bcb157cc
add HEIC/HEIF/AVIF MIME detection signatures
...
CI / Lint & Format (push) Failing after 16s
CI / Unit Tests (push) Has been skipped
CI / Memory Leak Check (push) Has been skipped
CI / SBOM Generation (push) Has been skipped
CI / Security Scan (push) Successful in 20s
CI / Security Tests (push) Has been skipped
CI / Advanced Security Tests (push) Has been skipped
- Add ftyp box signatures for heic, mif1, and avif brands
- Add tests for new image formats
- Fix nested if lint warning in lookup rate limit
- Update security docs: MKV uses WebM header, TAR needs offset 257
2025-12-26 17:04:51 +01:00
Username
93a4dd2f97
ci: add security headers audit to pipeline
2025-12-26 16:56:03 +01:00
Username
63034e17fe
perf: cache is_trusted_proxy result per request
CI / Lint & Format (push) Failing after 16s
CI / Unit Tests (push) Has been skipped
CI / Memory Leak Check (push) Has been skipped
CI / SBOM Generation (push) Has been skipped
CI / Security Scan (push) Successful in 19s
CI / Security Tests (push) Has been skipped
CI / Advanced Security Tests (push) Has been skipped
2025-12-26 00:48:55 +01:00
Username
13ed5ed9cb
ci: add advanced security tests job
CI / Lint & Format (push) Failing after 16s
CI / Unit Tests (push) Has been skipped
CI / Memory Leak Check (push) Has been skipped
CI / SBOM Generation (push) Has been skipped
CI / Security Scan (push) Successful in 19s
CI / Security Tests (push) Has been skipped
CI / Advanced Security Tests (push) Has been skipped
2025-12-26 00:42:43 +01:00
Username
bd75f81afd
add security testing suite and update docs
...
CI / Lint & Format (push) Failing after 15s
CI / Unit Tests (push) Has been skipped
CI / Memory Leak Check (push) Has been skipped
CI / SBOM Generation (push) Has been skipped
CI / Security Scan (push) Successful in 19s
CI / Security Tests (push) Has been skipped
- tests/security/pentest_session.py: comprehensive 10-phase pentest
- tests/security/profiled_server.py: cProfile-enabled server
- tests/security/cli_security_audit.py: CLI security checks
- tests/security/dos_memory_test.py: memory exhaustion tests
- tests/security/race_condition_test.py: concurrency tests
- docs: add pentest results, profiling analysis, new test commands
2025-12-26 00:39:33 +01:00
Username
c1d2e39b09
docs: complete penetration testing status update
...
CI / Lint & Format (push) Failing after 15s
CI / Unit Tests (push) Has been skipped
CI / Memory Leak Check (push) Has been skipped
CI / SBOM Generation (push) Has been skipped
CI / Security Scan (push) Successful in 19s
CI / Security Tests (push) Has been skipped
All pentest items now complete:
- CLI security audit (clipboard, permissions)
- DoS memory exhaustion (fixed lookup rate limit)
- Race conditions (all protected by locks)
2025-12-26 00:17:11 +01:00
Username
4f5da8ca66
fix: add memory protection to lookup rate limiting
...
ENUM-002: Lookup rate limit now respects LOOKUP_RATE_LIMIT_MAX_ENTRIES
(default 10000) to prevent memory exhaustion from unique IP flood.
Eviction strategy: expired entries first, then oldest by last request.
2025-12-26 00:16:41 +01:00
Username
0fa6052f69
docs: update security testing status with completed tests
...
CI / Lint & Format (push) Successful in 22s
CI / Security Scan (push) Successful in 20s
CI / Memory Leak Check (push) Successful in 19s
CI / SBOM Generation (push) Successful in 19s
CI / Security Tests (push) Successful in 25s
CI / Unit Tests (push) Successful in 33s
- Add race condition testing results (HEAD triggers burn-after-read)
- Add timing attack analysis (PBKDF2 constant-time verified)
- Mark RPM, AVI, WAV MIME signatures as fixed
- Update security controls table with new verifications
2025-12-25 23:58:42 +01:00
Username
d7a8f43dae
add MIME signatures: RPM, AVI, WAV (RIFF subtypes)
CI / Lint & Format (push) Successful in 22s
CI / Security Scan (push) Successful in 20s
CI / Memory Leak Check (push) Successful in 18s
CI / SBOM Generation (push) Successful in 19s
CI / Security Tests (push) Successful in 24s
CI / Unit Tests (push) Successful in 32s
2025-12-25 23:51:14 +01:00
Username
4823ff7b5d
docs: update MIME testing results (26 signatures tested)
CI / Lint & Format (push) Successful in 21s
CI / Security Scan (push) Successful in 20s
CI / Memory Leak Check (push) Successful in 18s
CI / SBOM Generation (push) Successful in 19s
CI / Security Tests (push) Successful in 24s
CI / Unit Tests (push) Successful in 32s
2025-12-25 23:37:05 +01:00
Username
645f6feefd
docs: add security testing status and remaining tasks
CI / Lint & Format (push) Successful in 21s
CI / Security Scan (push) Successful in 19s
CI / Memory Leak Check (push) Successful in 18s
CI / SBOM Generation (push) Successful in 19s
CI / Security Tests (push) Successful in 24s
CI / Unit Tests (push) Successful in 32s
2025-12-25 23:04:33 +01:00
Username
da36f15741
docs: add fuzzer results to security assessment
CI / Lint & Format (push) Successful in 21s
CI / Security Scan (push) Successful in 21s
CI / Memory Leak Check (push) Successful in 18s
CI / SBOM Generation (push) Successful in 18s
CI / Security Tests (push) Successful in 24s
CI / Unit Tests (push) Successful in 32s
2025-12-25 22:52:43 +01:00
